Meeting the Regulation’s requirements and protecting data subjects’ rights is a challenge that faces every organisation. Each organisation is different, and the level of effort needed to become compliant with the regulations will depend on: (a) the amount of personal data held, (b) the number of methods of obtaining personal data, and (c) the level of compliance with current data protection Acts (1988 & 2003).
The following are practical steps your organisation should follow to prepare for the implementation of GDPR.
Ensure all the above procedures are documented in a Data Protection Policy Manual, that the person responsible for data protection compliance maintains and updates the policy manual, and that Data Protection is added to the quarterly audit committee meetings for discussion. A Data Protection Policy can go into great detail on how the organisation applies the data protection principles, what procedures it should follow, how individual and departmental responsibilities are assigned, etc.
A Data Protection Policy is fundamentally a document for internal reference. An internal policy which reflects the fundamental data protection rules, which is enforced through supervision and audit, and reviewed regularly, is a valuable compliance tool.
To find out how we can help you with your data protection requirements, contact a member of our Data Protection team.